rancher: [cli] Cannot switch context by clusterName:projectName

What kind of request is this (question/bug/enhancement/feature request): bug

Steps to reproduce (least amount of steps as possible):

  1. Create 2 clusters and add a cluster owner who is not an admin to both of them
  2. Login with CLI using admin user token and select one of the resulting contexts: rancher login --token $ADMIN_TOKEN --skip-verify $RANCHER_SERVER_URL
  3. Switch context in CLI using clustername:projectname rancher context switch test1:Default –> Will result in: FATA[0000] Not found: test1:Default
  4. Now login with user token and select one of the resulting contexts: rancher login --token $USER_TOKEN --skip-verify $RANCHER_SERVER_URL
  5. Switch context in CLI using clustername:projectname rancher context switch test1:Default –> Will result in: FATA[0000] Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=projects.management.cattle.io "Default" is forbidden: User "u-b47sd" cannot get resource "projects" in API group "management.cattle.io" in the namespace "test1"] from [$RANCHER_SERVER_URL/v3/projects/test1:Default]

Result: (shown in steps above)

Other details that may be helpful: This is kind of two errors in one:

  1. I should be allowed to switch contexts knowing just the cluster name and project name, as the cluster name is unique. If there are multiple projects with that name in the cluster, then I would expect the general multiple-resources error: FATA[0000] Multiple resources of type project found for name Default: [c-88rmh:p-mhvc2 c-qcqcs:p-sfpjl]
  2. The error messages are both misleading. I would expect since the user has access to this cluster, he should see at least the same error message as admin. The admin error message shows that it is not found, which is a bit misleading.

It might make sense to add a --cluster flag to the context switch command so that it could be executed like: rancher context switch --cluster test1 Default. This would probably help to remove confusion between the colon syntax which is the same as how a project ID is specified.

Environment information

  • Single node install rancher v2.3.5

Cluster information

  • 2 clusters, 3 nodes each all roles
  • Cluster type (Hosted/Infrastructure Provider/Custom/Imported): Linode
  • Machine type (cloud/VM/metal) and specifications (CPU/memory): 2gb, 1vcpu
  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:22:30Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 4
  • Comments: 20 (6 by maintainers)

Most upvoted comments

we also hit this one. i think there is something missing here.

currently i can’t find anyway to switch without any human intervention to the Default project of another cluster.

To do a context switch you have to know $CLUSTERID:$PROJECTID and to determine PROJECTID using the cli you have to switch to the other cluster and do a rancher projects ls but there is no command that can do that !

Here there is 2 options AMHA:

  • either rancher cli supports rancher projects ls --all-clusters
  • either there is a way to do rancher cluster swicth $CLUSTERID

Am i wrong ?

Changed to enhancement as Dan’s comment above is the intended use right now.

It would be nice to have a command like rancher context switch --cluster test Default. Technically cluster named “test” could have multiple projects named “Default”, and in that case it should throw the same error, but if it doesn’t it would be convenient to switch contexts this way.